2025-11-18 11:27:42
INCIBE
PUBLISHED
Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInformática del Este that consist of an stored XSS of a stored XSS due to a lack of proper validation of user input by sending a POST request using the descripcion parameter in /WinplusPortal/ws/sWinplus.svc/json/savesoldoc_post. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.